I have searched and searched but cannot locate an answer to my question so I am hoping the experts here can.
When I read about symmetric encryption like AES I see mention of the key and key size such as 256 bit keys. When I code in PHP and use AES I provide a secret or paraphrase. Is the secret that I provide the key?
If so, does the secret which is basically a string in coding terms need to be 256 bits long?
The passphrase is used to derive a key from using a hashing algorithm which turns the passphrase into a fixed length series of bits.
Most implementations will use the PBKDF2 hashing algorithm to generate a hexadecimal key of 256-bits. The easiest way to do this is to use PBKDF2 with SHA-256.
An important note though, AES itself doesn't care about how the key is derived, all it wants is something which is 256 bits long. How you generate that key is beyond its scope. There are bad ways to generate keys and there are good ways. The above mentioned method is considered a good one. If you want to know more about how key derivation works, I suggest reading this wikipedia article.
